Pam time: Placing restrictions on logins

From / Bloc Notes Informatique

1 Introduction

pam_time can enforce several kinds of restrictions, such as:

  • Time Based Restrictions
  • Access Based Restrictions

I'll explain here how to use them.

2 Usage

2.1 Time Based Restrictions

These examples will limit the login times of certain users. See /etc/security/time.conf for more information/examples. In order to place time restrictions on user logins, the following must be placed in /etc/pam.d/login:

Configuration File /etc/pam.d/login
account    required    /lib/security/

The remaining lines should be placed in /etc/security/time.conf.

  • Only allow user nikesh to log in on weekdays between 7 am and 5 pm:
Configuration File /etc/security/time.conf

  • Allow users A & B to log in on all days between 8 am and 5 pm, except for Sunday.
Configuration File /etc/security/time.conf

If a day is specified more than once, it is unset. So in the above example, Sunday is specified twice (Al = All days, Su = Sunday). This causes it to be unset, so this rule applies to all days except Sunday.
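The toggle rule described above can be checked before a rule is deployed. The following is an added example, not code from this page or from pam_time itself: it models how one times term is evaluated, and the terms `Wk0700-1700` and `AlSu0800-1700` in the test values are constructed to match the two rules described above. It assumes the end time is exclusive and that a range whose end is earlier than its start runs past midnight.

```python
import re
from datetime import datetime

# Day codes from time.conf(5): Wk = weekdays, Wd = weekend days, Al = every day.
DAYS = ["Mo", "Tu", "We", "Th", "Fr", "Sa", "Su"]
GROUPS = {"Wk": DAYS[:5], "Wd": DAYS[5:], "Al": DAYS}
TERM = re.compile(r"^(!?)((?:[A-Z][a-z])+)(\d{4})-(\d{4})$")


def day_set(codes):
    """Toggle each two-letter code in turn: a day named twice ends up unset."""
    selected = set()
    for i in range(0, len(codes), 2):
        code = codes[i:i + 2]
        if code not in GROUPS and code not in DAYS:
            raise ValueError(f"unknown day code {code!r}")
        selected ^= set(GROUPS.get(code, [code]))
    return selected


def time_allowed(term, when):
    """Evaluate one times term (e.g. 'AlSu0800-1700') against a datetime."""
    m = TERM.match(term)
    if not m:
        raise ValueError(f"malformed times term {term!r}")
    negate = m.group(1) == "!"
    days = day_set(m.group(2))
    start, end = int(m.group(3)), int(m.group(4))
    today = DAYS[when.weekday()]
    yesterday = DAYS[(when.weekday() - 1) % 7]
    now = when.hour * 100 + when.minute
    if start < end:
        # Assumption of this model: the end time itself is outside the window.
        hit = today in days and start <= now < end
    else:
        # End before start: the window runs past midnight into the next day.
        hit = (today in days and now >= start) or (yesterday in days and now < end)
    return hit != negate
```

Calling `day_set("AlSu")` returns every day except Sunday, which is the effect described in the paragraph above.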

2.2 Access Based Restrictions

/etc/security/access.conf can be used to restrict access by terminal or host. The following must be placed in /etc/pam.d/login in order for these examples to work:

Configuration File /etc/pam.d/login
account    required   /lib/security/

  • Deny nikesh login access on all terminals except for tty1:
Configuration File /etc/security/access.conf
-:nikesh:ALL EXCEPT tty1

  • Users in the group operator are only allowed to log in from a local terminal:
Configuration File /etc/security/access.conf

  • Allow user A to log in only from a trusted server:
Configuration File /etc/security/access.conf

3 Resources